Virus Alert: W32.Leech

By
Nikolaj Borg and Francisco
Rangel

Virus researchers from several Anti-Virus labs, such as Symantec,
McAfee, and AVG, have declared a state of emergency, as a new virus,
dubbed W32.Leech, has taken over the Internet. When its payload is
delivered, the victim's hard drive is saturated with files downloaded
from random sources. The virus is so complex it seems to be able
to connect with other instances of itself on other machines.

So
far, researchers have been unable to find the virus itself, though
infected machines are easy to spot due to constant "Your Hard
Drive Is Full" message boxes from the operating system. The
only similarity discovered so far in the infected machines is that
most of them appear to have file sharing software installed. This
leads the researchers to conclude that the virus is spread through
this software - or may even install it without the knowledge of the
user.

Virus researcher Roger Caprici stated, "Users of file sharing
software are probably downloading executables that contain this virus,
and run them, unaware that they are actually installing the virus.
There can be no other explanation for this."

Researchers are frustrated by their inability to find the virus
itself, though the symptoms are obvious. In the words of a Symantec
employee, "it feels like someone is out there, laughing at us.
We know the virus is there, but we simply can't find it. To make
matters worse, we've even discovered that several of our own computers
have been infected. You have to admire the incredible craftsmanship.
Hopefully, the downloads can help us locate the virus. We're keeping
them for further study."

This virus has been detected in homes, offices, Internet cafes,
schools and colleges worldwide. Fortunately, Symantec has provided
a way for Windows users to detect if their computer is infected.
Just follow these steps:

At the Start menu, select Search->Files or Folders

Search for *.mp3 and then for *.avi

If no files are found, your computer is safe.

While no removal tool is available for the virus, the symptoms may
be significantly reduced using these simple steps:

At the Start menu, type "cmd" which will bring up a
black window with white or light gray letters.

Type "del c:\*.mp3 /s" and hit enter.

Type "del c:\*.avi /s" and hit enter.

If you have more than one partition, repeat steps 2 and 3, replacing "c" with
the corresponding drive letters.

Among the countless victims of the Virus is RIAA employee Mervin
Sanchez, who unknowingly suffered from the virus for weeks. "It
has been a living hell. Every few minutes I would get a "disk
full" warning and would have to delete files. I could have saved
the musicians millions in the hours I wasted on cleaning up after
the virus. Now all I can do is to backup my hard drive, reinstall,
and hope those pirate bastards don't manage to infect my computer
again. RIAA estimates 9-digit losses in lost man-hours and digital
theft."